Cisco CCNA (640-553) Security Training

 

Using the “aaa dnis map accounting network” command

 

By Charles Ross CCNA - CCNP #CSCO10444244

 

In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa dnis map accounting network”. 

 

Network administrators (like you) use the “aaa dnis map accounting network” command to map a Dialed Number Information Service (DNIS) number to a particular AAA server group that will be used for AAA accounting. 

 

Another way of saying it is that CCNAs (like you) use the “aaa dnis map accounting network” command to assign a DNIS number to a specific AAA server group, so that the server group can process accounting requests for users dialing into the network using a particular DNIS number.

 

Now, before you can use the command, you must do the following first:

 

  1. Enable AAA on the router

  2. Define an AAA server group

  3. Enable DNIS mapping

 

Below is the command’s syntax:

  

aaa dnis map dnis-number accounting network [start-stop | stop-only | none] [broadcast] group groupname

 

As you can see, the command can use several keywords. Below are their explanations:

 

dnis-number – The argument is the number of the DNIS.

 

start-stop – This (optional) keyword is used to indicate that the defined security server group will send a “start accounting” notice at the beginning of a process and a “stop accounting” notice at the end of a process. The “start accounting” record is sent in the background. (The requested user process begins regardless of whether the “start accounting” notice was received by the accounting server.) 

 

stop-only – This (optional) keyword is used to indicate that the defined security server group will send a “stop accounting” notice at the end of the requested user process.

 

none – This (optional) keyword is used to indicate that the defined security server group will not send accounting notices.


broadcast – This (optional) keyword enables sending accounting records to multiple AAA servers. It simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group.

 

group groupname – This keyword uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command.

 

Below is an example of the command being used:

  

Router>enable

Router#configure terminal

Router(config)#aaa new-model

Router(config)#radius-server host 172.30.0.0 acct-port 1646 key ittechtips1

Router(config)#aaa group server radius group1

Router(config-sg-radius)#server 172.30.0.0

Router(config-sg-radius)#exit

Router(config)#aaa dnis map enable

Router(config)#aaa dnis map 8888 accounting network group group1

Router(config)#exit

Router#copy run start

 

In the above example, we are using the “aaa dnis map accounting network” command to map the 8888 DNIS number to the RADIUS server group called group1. Server group group1 will use RADIUS server 172.30.0.0 for accounting requests for users dialing in with DNIS 8888. 
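The three prerequisites listed earlier can be checked offline against a saved running-config. The script below is an added example, not part of the original article or any Cisco tool; the function name audit_dnis_accounting and the sample config (modeled on the example above, with a second constructed map line) are assumptions made for illustration.

```python
import re

# Constructed sample modeled on the article's example (not captured from a
# real device). The 7777 line is added here to show what the check reports.
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 172.30.0.0 acct-port 1646 key ittechtips1
aaa group server radius group1
 server 172.30.0.0
aaa dnis map enable
aaa dnis map 8888 accounting network group group1
aaa dnis map 7777 accounting network none group group2
"""

# Follows the syntax line from the article:
# aaa dnis map dnis-number accounting network [start-stop|stop-only|none] [broadcast] group groupname
MAP_RE = re.compile(
    r"^aaa dnis map (?P<dnis>\S+) accounting network"
    r"(?: (?P<mode>start-stop|stop-only|none))?"
    r"(?: (?P<bcast>broadcast))?"
    r" group (?P<group>\S+)$"
)
GROUP_RE = re.compile(r"^aaa group server (?:radius|tacacs\+) (?P<name>\S+)$")


def audit_dnis_accounting(config_text):
    """Hypothetical helper: list problems with DNIS accounting maps in a config."""
    lines = [ln.rstrip() for ln in config_text.splitlines()]
    groups = {m.group("name") for ln in lines if (m := GROUP_RE.match(ln))}
    maps = [m for ln in lines if (m := MAP_RE.match(ln))]
    findings = []
    # Prerequisites 1 and 3 from the article; prerequisite 2 is checked per map.
    if maps and "aaa new-model" not in lines:
        findings.append("AAA is not enabled (aaa new-model missing)")
    if maps and "aaa dnis map enable" not in lines:
        findings.append("DNIS mapping is not enabled (aaa dnis map enable missing)")
    for m in maps:
        dnis, group = m.group("dnis"), m.group("group")
        if group not in groups:
            findings.append(f"DNIS {dnis}: server group {group} is not defined")
        if m.group("mode") == "none":
            findings.append(f"DNIS {dnis}: accounting is 'none', no records are sent")
    return findings


if __name__ == "__main__":
    for finding in audit_dnis_accounting(SAMPLE_CONFIG):
        print(finding)
```

A DNIS mapped with the none keyword, or to a server group that was never defined, leaves those dial-in sessions without accounting records, which is why both are reported.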

 

And, just like almost all Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

 

Router(config)#no aaa dnis map dnis-number accounting network 

  

By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.1(1)T or higher.

 

I hope this article was very informative and helped you quickly understand the usage of the aaa dnis map accounting network command. If you need to learn more, I suggest you visit my website (www.ccnaittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

 

To your success,

 

Charles Ross

CCNA- CCNP #CSCO10444244

http://www.ccnaittechtips.com